AWS Systems Manager
用户指南
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

创建维护时段任务 (AWS CLI)

  1. 运行以下命令,为维护时段注册任务。第一个示例中的任务使用 Systems Manager Run Command 借助 AWS-RunShellScript 文档运行 df 命令。您也可以指定使用 Systems Manager Automation、AWS Lambda 和 AWS Step Functions 的任务,如其他示例所示。有关可以指定的选项的信息,请参阅 关于“register-task-with-maintenance-window”选项和值

    aws ssm register-task-with-maintenance-window --window-id mw-0c50858d01EXAMPLE --task-arn "AWS-RunShellScript" --targets "Key=InstanceIds,Values=i-07782c72faEXAMPLE" --service-role-arn "arn:aws:iam::1122334455:role/MW-Role" --task-type "RUN_COMMAND" --task-invocation-parameters '{"RunCommand":{"Parameters":{"commands":["df"]}}}' --max-concurrency 1 --max-errors 1 --priority 10

    注意

    For information about how to enter JSON-formatted parameters on the command line on different local operating systems, see Using Quotation Marks with Strings in the AWS Command Line Interface User Guide.

    系统将返回类似于以下内容的信息:

    {
       "WindowTaskId":"44444444-5555-6666-7777-88888888"
    }

    您还可以使用维护时段目标 ID 注册任务。维护时段目标 ID 通过之前的命令返回。

    aws ssm register-task-with-maintenance-window --targets "Key=WindowTargetIds,Values=5d2b9275-40f7-40e8-b831-95136EXAMPLE" --task-arn "AWS-RunShellScript" --service-role-arn "arn:aws:iam::1122334455:role/MW-Role" --window-id "mw-0c50858d01EXAMPLE" --task-type "RUN_COMMAND" --task-invocation-parameters '{"RunCommand":{"Parameters":{"commands":["df"]}}}' --max-concurrency 1 --max-errors 1 --priority 10

    系统将返回类似于以下内容的信息:

    {
       "WindowTaskId":"44444444-5555-6666-7777-88888888"
    }

    以下示例演示如何注册其他任务类型。

    重要

    Maintenance Window的 IAM 策略要求您使用 SSM 作为 Lambda 函数(或别名)名称和 Step Functions 状态机名称的前缀,如下面的前两个示例所示。在继续注册这些类型的任务之前,必须在 AWS Lambda 和 AWS Step Functions 中将它们的名称更新为包含 SSM。

    Lambda

    aws ssm register-task-with-maintenance-window --window-id "mw-0c50858d01EXAMPLE" --targets Key=WindowTargetIds,Values=31547414-69c3-49f8-95b8-ed2dcEXAMPLE --task-arn arn:aws:lambda:us-west-2:111122223333:function:SSMTestFunction --service-role-arn arn:aws:iam::111122223333:role/MaintenanceWindows --task-type LAMBDA --task-invocation-parameters '{"Lambda":{"Payload":"{\"targetId\":\"{{TARGET_ID}}\",\"targetType\":\"{{TARGET_TYPE}}\"}","Qualifier":"$LATEST","ClientContext":"ew0KICAiY3VzdG9tIjogew0KICAgICJjbGllbnQiOiAiQVdTQ0xJIg0KIEXAMPLE"}}' --priority 0 --max-concurrency 10 --max-errors 5 --name "Lambda_Example" --description "My Lambda Example"

    Step Functions

    aws ssm register-task-with-maintenance-window --window-id "mw-0c50858d01EXAMPLE" --targets Key=WindowTargetIds,Values=31547414-69c3-49f8-95b8-ed2dcEXAMPLE --task-arn arn:aws:states:us-west-2:111122223333:stateMachine:SSMTestStateMachine --service-role-arn arn:aws:iam::111122223333:role/MaintenanceWindows --task-type STEP_FUNCTIONS --task-invocation-parameters '{"StepFunctions":{"Input":"{\"instanceId\":\"{{TARGET_ID}}\"}"}}' --priority 0 --max-concurrency 10 --max-errors 5 --name "Step_Functions_Example" --description "My Step Functions Example"

    Automation

    aws ssm register-task-with-maintenance-window --window-id "mw-0c50858d01EXAMPLE" --targets Key=WindowTargetIds,Values=31547414-69c3-49f8-95b8-ed2dcEXAMPLE --task-arn automationdocument-name --service-role-arn arn:aws:iam::111122223333:role/MaintenanceWindows --task-type AUTOMATION --task-invocation-parameters "Automation={DocumentVersion=5,Parameters={instanceId='{{TARGET_ID}}'}}" --priority 0 --max-concurrency 10 --max-errors 5 --name "Name" --description "Description"

    Run Command

    aws ssm register-task-with-maintenance-window --window-id "mw-0c50858d01EXAMPLE" --targets Key=WindowTargetIds,Values=31547414-69c3-49f8-95b8-ed2dcEXAMPLE --task-arn AWS-RunPowerShellScript --service-role-arn arn:aws:iam::111122223333:role/MaintenanceWindows --task-type RUN_COMMAND --task-invocation-parameters "RunCommand={Comment=SomeComment,DocumentHashType=Sha256,DocumentHash=b9d0966408047ebcafee82de4d42477299306fd37510c6815c19e9848EXAMPLE,NotificationConfig={NotificationArn=arn:aws:sns:us-west-2:111122223333:RunCommandTopic,NotificationEvents=[Success,Failed],NotificationType=Invocation},OutputS3BucketName=MyS3Bucket,OutputS3KeyPrefix=RunCommand,ServiceRoleArn=arn:aws:iam::111122223333:role/RunCommand,TimeoutSeconds=30,Parameters={commands=ipconfig}}" --priority 0 --max-concurrency 10 --max-errors 5 --name "Run_Command_Sample" --description "My Run Command Sample"
  2. 运行以下命令,列出维护时段已注册的所有任务。

    aws ssm describe-maintenance-window-tasks --window-id "mw-0c50858d01EXAMPLE"

    系统将返回类似于以下内容的信息:

    {
       "Tasks":[
          {
             "ServiceRoleArn":"arn:aws:iam::111122223333:role/MW-Role",
             "MaxErrors":"1",
             "TaskArn":"AWS-RunPowerShellScript",
             "MaxConcurrency":"1",
             "WindowTaskId":"3333-3333-3333-333333",
             "TaskParameters":{
                "commands":{
                   "Values":[
                      "driverquery.exe"
                   ]
                }
             },
             "Priority":3,
             "Type":"RUN_COMMAND",
             "Targets":[
                {
                   "Values":[
                      "i-02573cafcfEXAMPLE"
                   ],
                   "Key":"InstanceIds"
                }
             ]
          },
          {
             "ServiceRoleArn":"arn:aws:iam::111122223333:role/MW-Role",
             "MaxErrors":"1",
             "TaskArn":"AWS-RunPowerShellScript",
             "MaxConcurrency":"1",
             "WindowTaskId":"44444-44-44-444444",
             "TaskParameters":{
                "commands":{
                   "Values":[
                      "ipconfig.exe"
                   ]
                }
             },
             "Priority":1,
             "Type":"RUN_COMMAND",
             "Targets":[
                {
                   "Values":[
                      "555555-55555-555-5555555"
                   ],
                   "Key":"WindowTargetIds"
                }
             ]
          }
       ]
    }